1. Patchew
  2. Libvirt
  3. [PATCH 0/3] apparmor: assume at least version 3
  4. View patch

[PATCH 3/3] meson: drop remaining checks for apparmor version

Daniel P. Berrangé via Devel posted 3 patches 8 months, 2 weeks ago
There is a newer version of this series
[PATCH 3/3] meson: drop remaining checks for apparmor version
Posted by Daniel P. Berrangé via Devel 8 months, 2 weeks ago 
From: Daniel P. Berrangé <berrange@redhat.com>

We can now assume at least version three:

 * Debian 12: 3.0.8
 * openSUSE Leap 15.5: 3.0.4
 * openSUSE Leap 15.6: 3.1.7
 * Ubuntu 22.04: 3.0.4
 * Ubuntu 24.04: 4.0.0

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 meson.build                       |  3 ---
 src/security/apparmor/meson.build | 11 -----------
 src/security/virt-aa-helper.c     |  9 ++-------
 3 files changed, 2 insertions(+), 21 deletions(-)

diff --git a/meson.build b/meson.build
index 56823ca25b..9e23b3089f 100644
--- a/meson.build
+++ b/meson.build
@@ -929,9 +929,6 @@ endif
 apparmor_dep = dependency('libapparmor', required: get_option('apparmor'))
 if apparmor_dep.found()
   conf.set('WITH_APPARMOR', 1)
-  if apparmor_dep.version().version_compare('>=3.0.0')
-    conf.set('WITH_APPARMOR_3', 1)
-  endif
   conf.set_quoted('APPARMOR_DIR', sysconfdir / 'apparmor.d')
   conf.set_quoted('APPARMOR_PROFILES_PATH', '/sys/kernel/security/apparmor/profiles')
 endif
diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build
index f1319541e4..c1bd10717b 100644
--- a/src/security/apparmor/meson.build
+++ b/src/security/apparmor/meson.build
@@ -44,14 +44,3 @@ install_data(
   [ 'TEMPLATE.qemu', 'TEMPLATE.lxc' ],
   install_dir: apparmor_dir / 'libvirt',
 )
-
-if not conf.has('WITH_APPARMOR_3')
-  # We only install the empty local override for AppArmor 2.x. For
-  # AppArmor 3.x, upstream's preference is to avoid creating these
-  # files in order to limit the amount of filesystem clutter.
-  install_data(
-    'usr.lib.libvirt.virt-aa-helper.local',
-    install_dir: apparmor_dir / 'local',
-    rename: 'usr.lib.libvirt.virt-aa-helper',
-  )
-endif
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 034c042007..25bffdd30b 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1560,13 +1560,8 @@ main(int argc, char **argv)
 
         /* create the profile from TEMPLATE */
         if (ctl->cmd == 'c' || purged) {
-            g_autofree char *tmp = NULL;
-#if defined(WITH_APPARMOR_3)
-            const char *ifexists = "if exists ";
-#else
-            const char *ifexists = "";
-#endif
-            tmp = g_strdup_printf("  #include %s<libvirt/%s.files>\n", ifexists, ctl->uuid);
+            g_autofree char *tmp = g_strdup_printf(
+                "  #include if exists %s<libvirt/%s.files>\n", ifexists, ctl->uuid);
 
             if (ctl->dryrun) {
                 vah_info(profile);
-- 
2.48.1
Re: [PATCH 3/3] meson: drop remaining checks for apparmor version
Posted by Pavel Hrdina via Devel 8 months, 2 weeks ago 
On Mon, Mar 31, 2025 at 11:48:23AM +0100, Daniel P. Berrangé via Devel wrote:
> From: Daniel P. Berrangé <berrange@redhat.com>
> 
> We can now assume at least version three:
> 
>  * Debian 12: 3.0.8
>  * openSUSE Leap 15.5: 3.0.4
>  * openSUSE Leap 15.6: 3.1.7
>  * Ubuntu 22.04: 3.0.4
>  * Ubuntu 24.04: 4.0.0
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  meson.build                       |  3 ---
>  src/security/apparmor/meson.build | 11 -----------
>  src/security/virt-aa-helper.c     |  9 ++-------
>  3 files changed, 2 insertions(+), 21 deletions(-)
> 
> diff --git a/meson.build b/meson.build
> index 56823ca25b..9e23b3089f 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -929,9 +929,6 @@ endif
>  apparmor_dep = dependency('libapparmor', required: get_option('apparmor'))

We should probably add a version check here to require >=3.0.0 like we
do with other dependencies in case someone tries to compile new libvirt
with old apparmor.

>  if apparmor_dep.found()
>    conf.set('WITH_APPARMOR', 1)
> -  if apparmor_dep.version().version_compare('>=3.0.0')
> -    conf.set('WITH_APPARMOR_3', 1)
> -  endif
>    conf.set_quoted('APPARMOR_DIR', sysconfdir / 'apparmor.d')
>    conf.set_quoted('APPARMOR_PROFILES_PATH', '/sys/kernel/security/apparmor/profiles')
>  endif
> diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build
> index f1319541e4..c1bd10717b 100644
> --- a/src/security/apparmor/meson.build
> +++ b/src/security/apparmor/meson.build
> @@ -44,14 +44,3 @@ install_data(
>    [ 'TEMPLATE.qemu', 'TEMPLATE.lxc' ],
>    install_dir: apparmor_dir / 'libvirt',
>  )
> -
> -if not conf.has('WITH_APPARMOR_3')
> -  # We only install the empty local override for AppArmor 2.x. For
> -  # AppArmor 3.x, upstream's preference is to avoid creating these
> -  # files in order to limit the amount of filesystem clutter.
> -  install_data(
> -    'usr.lib.libvirt.virt-aa-helper.local',
> -    install_dir: apparmor_dir / 'local',
> -    rename: 'usr.lib.libvirt.virt-aa-helper',
> -  )
> -endif
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 034c042007..25bffdd30b 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -1560,13 +1560,8 @@ main(int argc, char **argv)
>  
>          /* create the profile from TEMPLATE */
>          if (ctl->cmd == 'c' || purged) {
> -            g_autofree char *tmp = NULL;
> -#if defined(WITH_APPARMOR_3)
> -            const char *ifexists = "if exists ";
> -#else
> -            const char *ifexists = "";
> -#endif
> -            tmp = g_strdup_printf("  #include %s<libvirt/%s.files>\n", ifexists, ctl->uuid);
> +            g_autofree char *tmp = g_strdup_printf(
> +                "  #include if exists %s<libvirt/%s.files>\n", ifexists, ctl->uuid);
>  
>              if (ctl->dryrun) {
>                  vah_info(profile);
> -- 
> 2.48.1
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.